<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第159期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第159期）</strong></h5>
<blockquote> 2017/03/13-2017/03/19</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>OnionScan报告：暗网网站数量减少20%（受自由主机II被黑影响）<br><a target="_blank" href="http://bobao.360.cn/news/detail/4057.html">http://bobao.360.cn/news/detail/4057.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Where Have All The Exploit Kits Gone? <br><a target="_blank" href="https://threatpost.com/where-have-all-the-exploit-kits-gone/124241/">https://threatpost.com/where-have-all-the-exploit-kits-gone/124241/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>New MajikPOS Malware targets users in across North America and Canada<br><a target="_blank" href="http://securityaffairs.co/wordpress/57176/malware/majikpos-malware.html">http://securityaffairs.co/wordpress/57176/malware/majikpos-malware.html</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>CanSecWest 2017 PPT<br><a target="_blank" href="https://www.slideshare.net/CanSecWest">https://www.slideshare.net/CanSecWest</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>新型Web攻击技术：RPO攻击初探<br><a target="_blank" href="http://mp.weixin.qq.com/s/P-ncFmNZfBteJBQr8INzsw">http://mp.weixin.qq.com/s/P-ncFmNZfBteJBQr8INzsw</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>免杀艺术 1: 史上最全的免杀方法汇总<br><a target="_blank" href="http://www.4hou.com/technology/3853.html">http://www.4hou.com/technology/3853.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>1000php: 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)<br><a target="_blank" href="https://github.com/Xyntax/1000php">https://github.com/Xyntax/1000php</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>HackRF 入门 -- GPS欺骗、GSM嗅探 <br><a target="_blank" href="http://s1nh.org/post/hackrf-quick-start/">http://s1nh.org/post/hackrf-quick-start/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>reGeorg+Proxifier使用<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/843.html">https://xianzhi.aliyun.com/forum/read/843.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WebLogic SSRF + Redis内网入侵<br><a target="_blank" href="http://ecma.io/?p=607">http://ecma.io/?p=607</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>T00ls.Net 沙龙第一期 2017上 PPT合集<br><a target="_blank" href="https://github.com/t00lsnet/Salon1">https://github.com/t00lsnet/Salon1</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>angr-doc-zh_CN: Angr-doc的中文翻译 (开源符号执行框架)<br><a target="_blank" href="https://github.com/a7vinx/angr-doc-zh_CN">https://github.com/a7vinx/angr-doc-zh_CN</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>s2-045真正一键getshell菜刀马-突破任何限制 <br><a target="_blank" href="http://pirogue.org/2017/03/09/s2-045%E7%9C%9F%E6%AD%A3%E4%B8%80%E9%94%AEgetshell%E8%8F%9C%E5%88%80%E9%A9%AC-%E7%AA%81%E7%A0%B4%E4%BB%BB%E4%BD%95%E9%99%90%E5%88%B6/">http://pirogue.org/2017/03/09/s2-045%E7%9C%9F%E6%AD%A3%E4%B8%80%E9%94%AEgetshell%E8%8F%9C%E5%88%80%E9%A9%AC-%E7%AA%81%E7%A0%B4%E4%BB%BB%E4%BD%95%E9%99%90%E5%88%B6/</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>CTF资源库(包含工具和相关链接)<br><a target="_blank" href="https://www.ctftools.com/down/">https://www.ctftools.com/down/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MS16-032: MS16-032(CVE-2016-0099)提权工具<br><a target="_blank" href="https://github.com/zcgonvh/MS16-032">https://github.com/zcgonvh/MS16-032</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>网络空间搜索引擎全方位评测<br><a target="_blank" href="http://www.freebuf.com/sectool/129211.html">http://www.freebuf.com/sectool/129211.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>yuange1975   DVE杂谈<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404085114761024814">http://weibo.com/ttarticle/p/show?id=2309404085114761024814</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>hackmd: 团队多人同时写作平台(Markdown)<br><a target="_blank" href="https://github.com/hackmdio/hackmd">https://github.com/hackmdio/hackmd</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>mysql手工注入<br><a target="_blank" href="http://www.jianshu.com/p/268ef198d191">http://www.jianshu.com/p/268ef198d191</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>安全导航<br><a target="_blank" href="http://thief.one/SecWeb/index.html">http://thief.one/SecWeb/index.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>信息泄露，那些央视没报的“内鬼”<br><a target="_blank" href="http://www.4hou.com/info/news/3808.html">http://www.4hou.com/info/news/3808.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>HTTP API网关选择之一Kong介绍<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwODA4NjMwNA==&amp;mid=2652898217&amp;idx=1&amp;sn=77a391ca2e2e13ae907375958a3265c8&amp;chksm=8cdcd7e6bbab5ef083f6f3b396eb497e5ea350f450ea9626940857c1555bab9e87f63816954f&amp;mpshare=1&amp;scene=1&amp;srcid=0312vcViKaeP5NGx3IGsU1gB&amp;key=04b8921">https://mp.weixin.qq.com/s?__biz=MzIwODA4NjMwNA==&amp;mid=2652898217&amp;idx=1&amp;sn=77a391ca2e2e13ae907375958a3265c8&amp;chksm=8cdcd7e6bbab5ef083f6f3b396eb497e5ea350f450ea9626940857c1555bab9e87f63816954f&amp;mpshare=1&amp;scene=1&amp;srcid=0312vcViKaeP5NGx3IGsU1gB&amp;key=04b8921</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)<br><a target="_blank" href="https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.use7nnfwq">https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff#.use7nnfwq</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>技术干货之绿化软件小教程<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404085979387458840">http://weibo.com/ttarticle/p/show?id=2309404085979387458840</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>opensns最新版前台getshell<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/814.html">https://xianzhi.aliyun.com/forum/read/814.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Dvxte：涵盖多个漏洞演练程序的Docker容器<br><a target="_blank" href="http://www.mottoin.com/98368.html">http://www.mottoin.com/98368.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>利用服务器漏洞挖矿黑产案例分析<br><a target="_blank" href="http://www.freebuf.com/articles/system/129459.html">http://www.freebuf.com/articles/system/129459.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>一个简单的分布式WEB扫描器的设计与实践<br><a target="_blank" href="http://avfisher.win/archives/676">http://avfisher.win/archives/676</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>企业安全建设之浅谈办公网安全<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483854&amp;idx=1&amp;sn=e7789a52f18a44004fcc6fc3677a3c49&amp;chksm=976e77bfa019fea95214a908cd05ea7ecdc939700dbee9d578dad9a12e83e2569bbf5b05b2ca&amp;scene=0&amp;key=1d95f5a097bd6c46532cc6372668c916282b32c2d2b43c1a">https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483854&amp;idx=1&amp;sn=e7789a52f18a44004fcc6fc3677a3c49&amp;chksm=976e77bfa019fea95214a908cd05ea7ecdc939700dbee9d578dad9a12e83e2569bbf5b05b2ca&amp;scene=0&amp;key=1d95f5a097bd6c46532cc6372668c916282b32c2d2b43c1a</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>爬搜索引擎之寻你千百度<br><a target="_blank" href="http://thief.one/2017/03/17/%E7%88%AC%E6%90%9C%E7%B4%A2%E5%BC%95%E6%93%8E%E4%B9%8B%E5%AF%BB%E4%BD%A0%E5%8D%83%E7%99%BE%E5%BA%A6/">http://thief.one/2017/03/17/%E7%88%AC%E6%90%9C%E7%B4%A2%E5%BC%95%E6%93%8E%E4%B9%8B%E5%AF%BB%E4%BD%A0%E5%8D%83%E7%99%BE%E5%BA%A6/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>部分CIA的漏洞利用工具干货请查收<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655295037&amp;idx=1&amp;sn=a237e5d69d3d642c699f76ea5d31c3e7&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655295037&amp;idx=1&amp;sn=a237e5d69d3d642c699f76ea5d31c3e7&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>PowerShell Obfuscator<br><a target="_blank" href="https://github.com/danielbohannon/Invoke-Obfuscation">https://github.com/danielbohannon/Invoke-Obfuscation</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>GitHub Enterprise Remote Code Execution  漏洞细节分析<br><a target="_blank" href="http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html">http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span> An exploit for Apache Struts CVE-2017-5638<br><a target="_blank" href="https://github.com/mazen160/struts-pwn">https://github.com/mazen160/struts-pwn</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Docker Remote API 未授权访问漏洞<br><a target="_blank" href="https://lightless.me/archives/docker-remote-api-vulnerability.html">https://lightless.me/archives/docker-remote-api-vulnerability.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>网卡收包流程<br><a target="_blank" href="http://mp.weixin.qq.com/s/UhF2KCASoIhTiKXPFOPiww">http://mp.weixin.qq.com/s/UhF2KCASoIhTiKXPFOPiww</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>从ISA游戏浅谈渗透测试基础小技巧<br><a target="_blank" href="http://www.jianshu.com/p/a060ddcf798b">http://www.jianshu.com/p/a060ddcf798b</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用Struts 02-045漏洞快速渗透韩国某服务器<br><a target="_blank" href="http://simeon.blog.51cto.com/18680/1905542">http://simeon.blog.51cto.com/18680/1905542</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Windows x86 - Hide Console Window Shellcode<br><a target="_blank" href="https://www.exploit-db.com/exploits/41581/">https://www.exploit-db.com/exploits/41581/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>PetrWrap: the new Petya-based ransomware used in targeted attacks<br><a target="_blank" href="https://securelist.com/blog/research/77762/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks/">https://securelist.com/blog/research/77762/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Penetration_Testing_Guidance<br><a target="_blank" href="https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf">https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>How to bypass the patch to keep spoofing the address bar with the Malware Warnin<br><a target="_blank" href="https://www.brokenbrowser.com/bypass-the-patch-to-keep-spoofing-the-address-bar-with-the-malware-warning/">https://www.brokenbrowser.com/bypass-the-patch-to-keep-spoofing-the-address-bar-with-the-malware-warning/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Powerfuzzer – Automated Customizable Web Fuzzer<br><a target="_blank" href="http://www.darknet.org.uk/2017/03/powerfuzzer-automated-customizable-web-fuzzer/">http://www.darknet.org.uk/2017/03/powerfuzzer-automated-customizable-web-fuzzer/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Struts2 S2-045漏洞态势分析报告<br><a target="_blank" href="http://plcscan.org/blog/2017/03/struts2-s2-045-risk-awareness-report-from-beaconlab/">http://plcscan.org/blog/2017/03/struts2-s2-045-risk-awareness-report-from-beaconlab/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>爬虫这件小事<br><a target="_blank" href="https://sec.xiaomi.com/article/25">https://sec.xiaomi.com/article/25</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Roundcube 邮件正文存储型XSS(CVE-2017-6820)<br><a target="_blank" href="http://paper.seebug.org/249/">http://paper.seebug.org/249/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>在Linux上使用AFL对Stagefright进行模糊测试<br><a target="_blank" href="http://ele7enxxh.com/Use-AFL-For-Stagefright-Fuzzing-On-Linux.html">http://ele7enxxh.com/Use-AFL-For-Stagefright-Fuzzing-On-Linux.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>漫谈Pyspider网络爬虫的实践<br><a target="_blank" href="https://www.figotan.org/2016/08/10/pyspider-as-a-web-crawler-system/">https://www.figotan.org/2016/08/10/pyspider-as-a-web-crawler-system/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>我眼中的信息安全意识教育体系 <br><a target="_blank" href="https://www.sec-un.org/%e6%88%91%e7%9c%bc%e4%b8%ad%e7%9a%84%e4%bf%a1%e6%81%af%e5%ae%89%e5%85%a8%e6%84%8f%e8%af%86%e6%95%99%e8%82%b2%e4%bd%93%e7%b3%bb/">https://www.sec-un.org/%e6%88%91%e7%9c%bc%e4%b8%ad%e7%9a%84%e4%bf%a1%e6%81%af%e5%ae%89%e5%85%a8%e6%84%8f%e8%af%86%e6%95%99%e8%82%b2%e4%bd%93%e7%b3%bb/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>osquery for Security — Part 2  [挂 SS]<br><a target="_blank" href="https://medium.com/@clong/osquery-for-security-part-2-2e03de4d3721#.ubq0ezhxe">https://medium.com/@clong/osquery-for-security-part-2-2e03de4d3721#.ubq0ezhxe</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Blind-XXE: A basis for a Blind-Based XXE Exploitation Framework<br><a target="_blank" href="https://github.com/ptonewreckin/Blind-XXE">https://github.com/ptonewreckin/Blind-XXE</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Automatic remote/local file inclusion vulnerablity analysis and exploit tool<br><a target="_blank" href="https://github.com/Hack-Hut/CrabStick">https://github.com/Hack-Hut/CrabStick</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>二进制漏洞利用中的ROP技术研究与实例分析<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/840.html">https://xianzhi.aliyun.com/forum/read/840.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>利用Powershell和ceye.io实现Windows账户密码回传<br><a target="_blank" href="http://www.freebuf.com/articles/system/129068.html">http://www.freebuf.com/articles/system/129068.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Linux非交互式提权<br><a target="_blank" href="http://ecma.io/?p=611">http://ecma.io/?p=611</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span> Ransomware Overview	最全的勒索软件统计分析<br><a target="_blank" href="http://www.nyxbone.com/malware/RansomwareOverview.html">http://www.nyxbone.com/malware/RansomwareOverview.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>osquery for Security — Part 1  [挂 SS]<br><a target="_blank" href="https://medium.com/@clong/osquery-for-security-b66fffdf2daf#.p0dpz5zag">https://medium.com/@clong/osquery-for-security-b66fffdf2daf#.p0dpz5zag</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>企业安全建设之主机级资产管理与分析<br><a target="_blank" href="http://www.freebuf.com/articles/security-management/127851.html">http://www.freebuf.com/articles/security-management/127851.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>浅谈android hook技术<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/833.html">https://xianzhi.aliyun.com/forum/read/833.html</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>NJCTF2017-WriteUp-Nu1L<br><a target="_blank" href="https://www.xctf.org.cn/information/a8ba35ec960b26f17c467a28e89a4a3fae7e48ec/">https://www.xctf.org.cn/information/a8ba35ec960b26f17c467a28e89a4a3fae7e48ec/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BruteXSS is a tool written in python simply to find XSS vulnerabilities in web a<br><a target="_blank" href="https://github.com/rajeshmajumdar/BruteXSS">https://github.com/rajeshmajumdar/BruteXSS</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MySQL利用UDF执行命令遇到的坑<br><a target="_blank" href="http://ecma.io/?p=615">http://ecma.io/?p=615</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WAF Bypasses for apache struts Exploit<br><a target="_blank" href="http://garage4hackers.com/showthread.php?t=7006&amp;p=14924#post14924">http://garage4hackers.com/showthread.php?t=7006&amp;p=14924#post14924</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第158期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/158">https://www.sec-wiki.com/weekly/158</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>0-day or Feature? Privilege Escalation / Session Hijacking All Windows versions<br><a target="_blank" href="http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html">http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>People Counting and occupancy Monitoring using WiFi Probe Requests and Unmanned <br><a target="_blank" href="http://digitalcommons.fiu.edu/cgi/viewcontent.cgi?article=3649&amp;context=etd">http://digitalcommons.fiu.edu/cgi/viewcontent.cgi?article=3649&amp;context=etd</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>The road to your codebase is paved with forged assertions<br><a target="_blank" href="http://www.economyofmechanism.com/github-saml">http://www.economyofmechanism.com/github-saml</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>三星S6bootloader的逆向工程分析<br><a target="_blank" href="http://www.4hou.com/technology/3786.html">http://www.4hou.com/technology/3786.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Securing the Internet of Things - Developer&#039;s Guidance<br><a target="_blank" href="https://www.peerlyst.com/posts/securing-the-internet-of-things-developer-s-guidance-michael-ball">https://www.peerlyst.com/posts/securing-the-internet-of-things-developer-s-guidance-michael-ball</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Targeting Android for OTA Exploitation<br><a target="_blank" href="https://www.contextis.com//resources/blog/targeting-android-ota-exploitation/">https://www.contextis.com//resources/blog/targeting-android-ota-exploitation/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>The Best Hacking Tools<br><a target="_blank" href="https://n0where.net/best-hacking-tools/">https://n0where.net/best-hacking-tools/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Linux系统下格式化字符串利用研究 <br><a target="_blank" href="http://0x48.pw/2017/03/13/0x2c/">http://0x48.pw/2017/03/13/0x2c/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>杂谈如何绕过WAF（Web应用防火墙）<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/819.html">https://xianzhi.aliyun.com/forum/read/819.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Hadoop集群容易被攻击的几个场景<br><a target="_blank" href="http://www.4hou.com/technology/3787.html">http://www.4hou.com/technology/3787.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>The Linux Kernel Module Programming Guide<br><a target="_blank" href="http://www.tldp.org/LDP/lkmpg/2.6/html/index.html">http://www.tldp.org/LDP/lkmpg/2.6/html/index.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Remote Code Execution (RCE) Attacks on Apache Struts<br><a target="_blank" href="https://www.imperva.com/blog/2017/01/remote-code-execution-rce-attacks-apache-struts/">https://www.imperva.com/blog/2017/01/remote-code-execution-rce-attacks-apache-struts/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>TaoSecurity: The Origin of Threat Hunting<br><a target="_blank" href="https://taosecurity.blogspot.com/2017/03/the-origin-of-threat-hunting.html">https://taosecurity.blogspot.com/2017/03/the-origin-of-threat-hunting.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Recovering BitLocker Keys on Windows 8.1 and 10<br><a target="_blank" href="https://tribalchicken.io/recovering-bitlocker-keys-on-windows-8-1-and-10/">https://tribalchicken.io/recovering-bitlocker-keys-on-windows-8-1-and-10/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Using the ELK Stack and Python in Penetration Testing Workflow<br><a target="_blank" href="https://qbox.io/blog/elk-penetration-testing-workflow-elasticsearch-python">https://qbox.io/blog/elk-penetration-testing-workflow-elasticsearch-python</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>ICS/SCADA虚拟化的安全性影响：调查和未来趋势<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzA5OTMwMzY1NQ==&amp;mid=2647833924&amp;idx=1&amp;sn=87b320f25fc4473143805966588e0cee&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzA5OTMwMzY1NQ==&amp;mid=2647833924&amp;idx=1&amp;sn=87b320f25fc4473143805966588e0cee&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>An Introduction to Penetration Testing Node.js Applications<br><a target="_blank" href="http://resources.infosecinstitute.com/penetration-testing-node-js-applications-part-1/">http://resources.infosecinstitute.com/penetration-testing-node-js-applications-part-1/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Stored XSS in WordPress Core<br><a target="_blank" href="https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html">https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/159">SecWiki周刊(第159期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
